8325-32C

Aruba 8325-32C, 8360-48Y6C User guide

  • Hello! I've reviewed the AOS-CX Fundamentals Guide for Aruba 8100, 8320, 8325, 8360, 9300, and 10000 Switch Series. This document covers a wide range of topics, from basic initial configuration to advanced features like the Aruba Network Analytics Engine and REST API. I'm here to answer your questions about the guide, or the capabilities of the switches described within it.
  • What is the Aruba Network Analytics Engine?
    What management options are available for AOS-CX switches?
    What is used to provide programmability in AOS-CX switches?
AOS-CX 10.13 Fundamentals
Guide
8100, 8320, 8325, 8360, 9300, 10000 Switch
Series
Published: November 2023
Edition: 1
|2
Copyright Information
© Copyright 2023 Hewlett Packard Enterprise Development LP.
This product includes code licensed under certain open source licenses which require source
compliance. The corresponding source for these components is available upon request. This offer is
valid to anyone in receipt of this information and shall expire three years following the date of the final
distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source
code, please check if the code is available in the HPE Software Center at
https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific
software version and product for which you want the open source code. Along with the request, please
send a check or money order in the amount of US $10.00 to:
Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America.
Notices
The information contained herein is subject to change without notice. The only warranties for Hewlett
Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or
omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession,
use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer
Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government
under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard
Enterprise website.
For more information, see the KM Process Guide. ?>
Acknowledgments
Bluetooth is a trademark owned by its proprietor and used by Hewlett Packard Enterprise under
license.
Contents
Contents
Contents 3
About this document 11
Applicable products 11
Latest version available online 11
Command syntax notation conventions 11
About the examples 12
Identifying switch ports and interfaces 12
About AOS-CX 14
AOS-CX system databases 14
Aruba Network Analytics Engine introduction 15
AOS-CX CLI 15
Aruba CX mobile app 15
Aruba NetEdit 15
Ansible modules 16
AOS-CX Web UI 16
AOS-CX REST API 16
In-band and out-of-band management 17
SNMP-based management support 17
User accounts 17
Initial Configuration 18
Initial configuration using ZTP 18
Initial configuration using the Aruba CX mobile app 18
Troubleshooting Bluetooth connections 20
Bluetooth connection IP addresses 20
Bluetooth is connected but the switch is not reachable 20
Bluetooth is not connected 21
Initial configuration using the CLI 24
Connecting to the console port 24
Connecting to the management port 25
Logging into the switch for the first time 26
Setting switch time using the NTP client 26
Configuring banners 27
Configuring in-band management on a data port 27
Using the Web UI 28
Configuring the management interface 28
IP prefix priority 29
System profiles and configurable IP prefix priority 29
IP prefix priority defaults 30
IP Prefix priority commands 30
ip prefix-priority 30
ipv6 prefix-priority 31
show ip prefix-priority 32
show ipv6 prefix-priority 33
Selecting the system profile 34
AOS-CX 10.13 Fundamentals Guide 3
Contents | 4
System profile commands 35
profile 35
show profiles available 36
show profile current 38
Restoring the switch to factory default settings 39
Management interface commands 41
default-gateway 41
ip static 42
nameserver 43
psm 44
show interface mgmt 45
show psm 46
NTP commands 47
ntp authentication 47
ntp authentication-key 48
ntp disable 49
ntp enable 49
ntp conductor 50
ntp server 51
ntp trusted-key 53
ntp vrf 54
show ntp associations 55
show ntp authentication-keys 56
show ntp servers 57
show ntp statistics 57
show ntp status 58
Telnet access 60
Telnet commands 60
show telnet server 60
show telnet server sessions 61
telnet server 62
Interface configuration 63
Configuring a layer 2 interface 63
Configuring a layer 3 interface 63
Single source IP address 64
Priority-based flow control (PFC) 64
(Applies to the 8325, 9300, 10000) 64
(Applies to the 8325, 9300, 10000) Asymmetric PFC 65
(Applies to the 8360) 65
Configurable flow control buffer thresholds 65
For the 8325, 9300, and 10000 series switch: 65
Flow control and lossless buffering 68
For the 8325, 9300, and 10000 series switch: 68
Requirements for proper lossless buffering: 68
For the 8360 series switch: 69
Requirements for proper lossless buffering 69
Forward error correction 70
Unsupported transceiver support 71
Configuring an interface persona 71
Modes 72
Predefined and custom persona names 72
Creating and configuring an interface persona 73
Examples 73
Monitor mode 73
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 5
Interface commands 74
allow-unsupported-transceiver 74
default interface 76
description 77
dsm uplink-to-uplink 77
error-control 78
flow-control 79
flow-control buffer headroom 84
flow-control buffer xoff dynamic 85
flow-control buffer xoff static 86
flow-control buffer xon 87
flow-control watchdog 89
flow-control watchdog timeout resume 90
interface 91
interface loopback 92
interface vlan 92
ip address 93
ip mtu 94
ip source-interface 95
ipv6 address 97
ipv6 source-interface 98
l3-counters 99
mtu 101
persona 102
rate-interval 104
routing 105
show allow-unsupported-transceiver 106
show dsm uplink-to-uplink 107
show interface 107
show interface dom 113
show interface flow-control 114
show interface statistics 118
show interface transceiver 121
show interface utilization 124
show ip interface 125
show ip source-interface 127
show ipv6 interface 128
show ipv6 source-interface 130
shutdown 131
speed 131
system interface-group 134
Subinterfaces 137
Configuring subinterfaces 137
Subinterface in a router-on-a-stick deployment 138
Subinterface commands 138
encapsulation dot1q 138
interface 139
show capacities subinterface 141
show interface 142
Source interface selection 144
Source-interface selection commands 144
ip source-interface (protocol <ip-addr>) 144
ip source-interface 146
ipv6 source-interface 148
Contents | 6
ipv6 source-interface 150
show ip source-interface 152
show ipv6 source-interface 154
show running-config 156
VLANs 158
Precision Time Protocol (PTP) 159
PTP clocks 159
Best clock-source algorithm 160
PTP network diagram 160
Configuration examples 161
PTPv1 passthrough 162
PTP support over VSX 163
Hardware considerations 163
Configuration recommendations 163
PTP CoPP class configuration recommendations 163
Configuration recommendations for a boundary clock 163
QoS prioritization configuration recommendations for a transparent clock 164
General guidelines for PTP IPv4 multicast 164
Use cases 165
Use case:PTP – IPv4 over L2 spine leaf topology 165
Use case: PTP – L3 spine leaf topology 166
Use case: PTP-VSX Multicast 167
PTP commands 168
clear ptp statistics 168
clock-domain 168
clock-step 169
enable 170
ip source-interface 171
mode 172
priority1 174
priority2 175
ptp announce-interval 175
ptp announce-timeout 177
ptp clock-source-only 178
ptp delay-req-interval 179
ptp enable 180
ptp lag-role 180
ptp neighbor-propagation-delay-threshold 181
ptp pdelay-req-interval 182
ptp peer ip 184
ptp profile 185
ptp sync-interval 186
ptp sync-timeout 187
ptp vlan 188
show ptp clock 189
show ptp foreign-clock-sources 190
show ptp interface 191
show ptp parent 195
show ptp statistics 196
show ptp time-property 197
show running-config ptp 198
transport-protocol 199
vsx-sync ptp-global 200
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 7
Configuration and firmware management 201
Upgrade and downgrade scenarios 201
Upgrades 201
Downgrades 201
Limitations 201
Hot-patch software 202
Checkpoints 204
Checkpoint types 204
Maximum number of checkpoints 204
User generated checkpoints 204
System generated checkpoints 204
Supported remote file formats 204
Rollback 205
Checkpoint auto mode 205
Testing a switch configuration in checkpoint auto mode 205
Checkpoint commands 205
checkpoint auto 205
checkpoint auto confirm 206
checkpoint diff 207
checkpoint post-configuration 209
checkpoint post-configuration timeout 210
checkpoint rename 211
checkpoint rollback 211
copy checkpoint <CHECKPOINT-NAME> <REMOTE-URL> 212
copy checkpoint <CHECKPOINT-NAME> {running-config | startup-config} 213
copy checkpoint <CHECKPOINT-NAME> <STORAGE-URL> 214
copy <REMOTE-URL> checkpoint <CHECKPOINT-NAME> 215
copy <REMOTE-URL> {running-config | startup-config} 216
copy running-config {startup-config | checkpoint <CHECKPOINT-NAME>} 217
copy {running-config | startup-config} <REMOTE-URL> 218
copy {running-config | startup-config} <STORAGE-URL> 220
copy startup-config running-config 221
copy <STORAGE-URL> running-config 221
erase 223
show checkpoint <CHECKPOINT-NAME> 224
show checkpoint <CHECKPOINT-NAME> hash 226
show checkpoint post-configuration 227
show checkpoint 227
show checkpoint date 228
show running-config hash 229
show startup-config hash 230
write memory 231
Boot commands 231
boot set-default 231
boot system 232
show boot-history 234
Firmware management commands 236
copy {primary | secondary} <REMOTE-URL> 236
copy {primary | secondary} <FIRMWARE-FILENAME> 237
copy primary secondary 237
copy <REMOTE-URL> 238
copy secondary primary 240
copy <STORAGE-URL> 241
copy hot-patch 242
hot-patch 243
show hot-patch 244
Contents | 8
Dynamic Segmentation 246
SNMP 247
Configuring SNMP 247
Aruba Central integration 249
Connecting to Aruba Central 249
Custom CA certificate 249
Support mode in Aruba Central 250
Aruba Central commands 250
aruba-central 250
aruba-central support-mode 251
configuration-lockout central managed 252
disable 253
enable 253
location-override 254
show aruba-central 255
show running-config current-context 258
Port filtering 260
Port filtering commands 260
portfilter 260
show portfilter 261
DNS 264
Configuration 264
DNS client 264
Configuring the DNS client 264
DNS client commands 266
ip dns domain-list 266
ip dns domain-name 267
ip dns host 267
ip dns server address 268
show ip dns 269
Device discovery and configuration 272
Device Profile Usage Considerations 272
aaa authentication port-access allow-cdp-bpdu 273
LLDP 274
LLDP agent 275
LLDP MED support 277
LLDP EEE 277
Configuring the LLDP agent 278
LLDP commands 278
clear lldp neighbors 279
clear lldp statistics 279
lldp 280
lldp dot3 280
lldp dot3 mfs 281
lldp holdtime-multiplier 282
lldp management-address vlan 283
lldp management-ipv4-address 284
lldp management-ipv6-address 284
lldp med 285
lldp med location 286
lldp receive 288
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 9
lldp reinit 289
lldp select-tlv 290
lldp timer 291
lldp transmit 293
lldp txdelay 293
lldp trap enable 294
show lldp configuration 296
show lldp configuration mgmt 298
show lldp local-device 299
show lldp neighbor-info 301
show lldp neighbor-info detail 303
show lldp neighbor-info mgmt 306
show lldp statistics 308
show lldp statistics mgmt 309
show lldp tlv 310
Cisco Discovery Protocol (CDP) 311
CDP support 311
CDP commands 311
cdp 311
clear cdp counters 312
clear cdp neighbor-info 313
show cdp 313
show cdp neighbor-info 314
show cdp traffic 315
Zero Touch Provisioning 317
ZTP support 317
Setting up ZTP on a trusted network 318
ZTP process during switch boot 319
ZTP VSF switchover support 320
ZTP commands 320
show ztp information 320
ztp force provision 325
Switch system and hardware commands 327
bluetooth disable 327
bluetooth enable 327
clear events 328
clear ip errors 329
console baud-rate 330
domain-name 331
hostname 332
led locator 332
mtrace 333
power consumption-average-period 335
show bluetooth 335
show boot-history 337
show capacities 339
show capacities-status 340
show console 341
show core-dump 342
show domain-name 343
show environment fan 344
show environment led 346
show environment power-consumption 347
show environment power-supply 349
Contents | 10
show environment temperature 350
show events 351
show hostname 354
show images 355
show ip errors 356
show module 357
show running-config 359
show running-config current-context 362
show startup-config 363
show system 365
show system resource-utilization 366
show tech 369
show usb 370
show usb file-system 371
show version 372
system resource-utilization poll-interval 373
top cpu 374
top memory 375
usb 375
usb mount | unmount 376
Support and Other Resources 378
Accessing Aruba Support 378
Accessing Updates 379
Aruba Support Portal 379
My Networking 379
Warranty Information 379
Regulatory Information 379
Documentation Feedback 380
Chapter 1
About this document
About this document
This document describes features of the AOS-CX network operating system. It is intended for
administrators responsible for installing, configuring, and managing Aruba switches on a network.
Applicable products
This document applies to the following products:
nAruba 8100 Switch Series (R9W94A, R9W95A, R9W96A, R9W97A)
nAruba 8320 Switch Series (JL479A, JL579A, JL581A)
nAruba 8325 Switch Series (JL624A, JL625A, JL626A, JL627A)
nAruba 8360 Switch Series (JL700A, JL701A, JL702A, JL703A, JL706A, JL707A, JL708A, JL709A, JL710A,
JL711A, JL700C, JL701C, JL702C, JL703C, JL706C, JL707C, JL708C, JL709C, JL710C, JL711C, JL704C, JL705C,
JL719C, JL718C, JL717C, JL720C, JL722C, JL721C )
nAruba 9300 Switch Series (R9A29A, R9A30A, R8Z96A)
nAruba 10000 Switch Series (R8P13A, R8P14A)
Latest version available online
Updates to this document can occur after initial publication. For the latest versions of product
documentation, see the links provided in Support and Other Resources.
Command syntax notation conventions
Convention Usage
example-text Identifies commands and their options and operands, code examples,
filenames, pathnames, and output displayed in a command window. Items
that appear like the example text in the previous column are to be entered
exactly as shown and are required unless enclosed in brackets ([ ]).
example-text In code and screen examples, indicates text entered by a user.
Any of the following:
n<example-text>
n<example-text>
nexample-text
nexample-text
Identifies a placeholder—such as a parameter or a variable—that you must
substitute with an actual value in a command or in code:
nFor output formats where italic text cannot be displayed, variables
are enclosed in angle brackets (< >). Substitute the text—including
the enclosing angle brackets—with an actual value.
nFor output formats where italic text can be displayed, variables
might or might not be enclosed in angle brackets. Substitute the
text including the enclosing angle brackets, if any, with an actual
value.
AOS-CX 10.13 Fundamentals Guide 11
About this document | 12
Convention Usage
|Vertical bar. A logical OR that separates multiple items from which you can
choose only one.
Any spaces that are on either side of the vertical bar are included for
readability and are not a required part of the command syntax.
{ } Braces. Indicates that at least one of the enclosed items is required.
[ ] Brackets. Indicates that the enclosed item or items are optional.
or
...
Ellipsis:
nIn code and screen examples, a vertical or horizontal ellipsis indicates an
omission of information.
nIn syntax using brackets and braces, an ellipsis indicates items that can be
repeated. When an item followed by ellipses is enclosed in brackets, zero
or more items can be specified.
About the examples
Examples in this document are representative and might not match your particular switch or
environment.
The slot and port numbers in this document are for illustration only and might be unavailable on your
switch.
Understanding the CLI prompts
When illustrating the prompts in the command line interface (CLI), this document uses the generic term
switch, instead of the host name of the switch. For example:
switch>
The CLI prompt indicates the current command context. For example:
switch>
Indicates the operator command context.
switch#
Indicates the manager command context.
switch(CONTEXT-NAME)#
Indicates the configuration context for a feature. For example:
switch(config-if)#
Identifies the interface context.
Variable information in CLI prompts
In certain configuration contexts, the prompt may include variable information. For example, when in
the VLAN configuration context, a VLAN number appears in the prompt:
switch(config-vlan-100)#
When referring to this context, this document uses the syntax:
switch(config-vlan-<VLAN-ID>)#
Where <VLAN-ID> is a variable representing the VLAN number.
Identifying switch ports and interfaces
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 13
Physical ports on the switch and their corresponding logical software interfaces are identified using the
format:
member/slot/port
On the 83xx, 9300, and 10000 Switch Series
nmember: Always 1. VSF is not supported on this switch.
nslot: Always 1. This is not a modular switch, so there are no slots.
nport: Physical number of a port on the switch.
For example, the logical interface 1/1/4 in software is associated with physical port 4 on the switch.
If using breakout cables, the port designation changes to x:y, where x is the physical port and y is the lane when
split to 4 x 10G or 4 x 25G. For example, the logical interface 1/1/4:2 in software is associated with lane 2 on
physical port 4 in slot 1 on member 1.
Chapter 2
About AOS-CX
About AOS-CX
AOS-CX is a new, modern, fully programmable operating system built using a database-centric design
that ensures higher availability and dynamic software process changes for reduced downtime. In
addition to robust hardware reliability, the AOS-CX operating system includes additional software
elements not available with traditional systems, including:
nAutomated visibility to help IT organizations scale: The Aruba Network Analytics Engine allows IT to
monitor and troubleshoot network, system, application, and security-related issues easily through
simple scripts. This engine comes with a built-in time series database that enables customers and
developers to create software modules that allow historical troubleshooting, as well as analysis of
historical trends to predict and avoid future problems due to scale, security, and performance
bottlenecks.
nProgrammability simplified: A switch that is running the AOS-CX operating system is fully
programmable with a built-in Python interpreter as well as REST-based APIs, allowing easy integration
with other devices both on premise and in the cloud. This programmability accelerates IT
organization understanding of and response to network issues. The database holds all aspects of the
configuration, statistics, and status information in a highly structured and fully defined form.
nFaster resolution with network insights: With legacy switches, IT organizations must troubleshoot
problems after the fact, using traditional tools like CLI and SNMP, augmented by separate, expensive
monitoring, analytics, and troubleshooting solutions. These capabilities are built in to the AOS-CX
operating system and are extensible.
nHigh availability: For switches that support active and standby management modules, the AOS-CX
database can synchronize data between active and standby modules and maintain current
configuration and state information during a failover to the standby management module.
nEase of roll-back to previous configurations: The built-in database acts as a network record, enabling
support for multiple configuration checkpoints and the ability to roll back to a previous configuration
checkpoint.
AOS-CX system databases
The AOS-CX operating system is a modular, database-centric operating system. Every aspect of the
switch configuration and state information is modeled in the AOS-CX switch configuration and state
database, including the following:
nConfiguration information
nStatus of all features
nStatistics
The AOS-CX operating system also includes a time series database, which acts as a built-in network
record. The time series database makes the data seamlessly available to Aruba Network Analytics Engine
agents that use rules that evaluate network conditions over time. Time-series data about the resources
monitored by agents are automatically collected and presented in graphs in the switch Web UI.
AOS-CX 10.13 Fundamentals Guide 14
About AOS-CX | 15
Aruba Network Analytics Engine introduction
The Aruba Network Analytics Engine is a first-of-its-kind built-in framework for network assurance and
remediation. Combining the full automation and deep visibility capabilities of the AOS-CX operating
system, this unique framework enables monitoring, collecting network data, evaluating conditions, and
taking corrective actions through simple scripting agents.
This engine is integrated with the AOS-CX system configuration and time series databases, enabling you
to examine historical trends and predict future problems due to scale, security, and performance
bottlenecks. With that information, you can create software modules that automatically detect such
issues and take appropriate actions.
With the faster network insights and automation provided by the Aruba Network Analytics Engine, you
can reduce the time spent on manual tasks and address current and future demands driven by Mobility
and IoT.
AOS-CX CLI
The AOS-CX CLI is an industry standard text-based command-line interface with hierarchical structure
designed to reduce training time and increase productivity in multivendor installations.
The CLI gives you access to the full set of commands for the switch while providing the same password
protection that is used in the Web UI. You can use the CLI to configure, manage, and monitor devices
running the AOS-CX operating system.
Aruba CX mobile app
The Aruba CX mobile app enables you to use a mobile device to configure or access a supported AOS-CX
switch. You can connect to the switch through Bluetooth or Wi-Fi.
You can use this application to do the following:
nConnect to the switch for the first time and configure basic operational settings—all without
requiring you to connect a terminal emulator to the console port.
nView and change the configuration of individual switch features or settings.
nManage the running configuration and startup configuration of the switch, including the following:
oTransferring files between the switch and your mobile device
oSharing configuration files from your mobile device
oCopying the running configuration to the startup configuration
nAccess the switch CLI.
For more information about the Aruba CX mobile app, see:
www.arubanetworks.com/products/networking/switches/cx-mobileapp.
Aruba NetEdit
Aruba NetEdit enables the automation of multidevice configuration change workflows without the
overhead of programming.
The key capabilities of NetEdit include the following:
nIntelligent configuration with validation for consistency and compliance
nTime savings by simultaneously viewing and editing multiple configurations
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 16
nCustomized validation tests for corporate compliance and network design
nAutomated large-scale configuration deployment without programming
nAbility to track changes to hardware, software, and configurations (whether made through NetEdit or
directly on the switch) with automated versioning
For more information about Aruba NetEdit, search for NetEdit at the following website:
www.hpe.com/support/hpesc
Ansible modules
Ansible is an open-source IT automation platform.
Aruba publishes a set of Ansible configuration management modules designed for switches running
AOS-CX software. The modules are available from the following places:
nThe arubanetworks.aoscx_role role in the Ansible Galaxy at:
https://galaxy.ansible.com/arubanetworks/aoscx_role
nThe aoscx-ansible-role at the following GitHub repository: https://github.com/aruba/aoscx-ansible-
role
AOS-CX Web UI
The Web UI gives you quick and easy visibility into what is happening on your switch, providing faster
problem detection, diagnosis, and resolution. The Web UI provides dashboards and views to monitor
the status of the switch, including easy to read indicators for: power supply, temperature, fans, CPU use,
memory use, log entries, system information, firmware, interfaces, VLANs, and LAGs. In addition, you
use the Web UI to access the Network Analytics Engine, run certain diagnostics, and modify some
aspects of the switch configuration.
AOS-CX REST API
Switches running the AOS-CX software are fully programmable with a REST (REpresentational State
Transfer) API, allowing easy integration with other devices both on premises and in the cloud. This
programmability—combined with the Aruba Network Analytics Engine—accelerates network
administrator understanding of and response to network issues.
The AOS-CX REST API enables programmatic access to the AOS-CX configuration and state database at
the heart of the switch. By using a structured model, changes to the content and formatting of the CLI
output do not affect the programs you write. And because the configuration is stored in a structured
database instead of a text file, rolling back changes is easier than ever, thus dramatically reducing a risk
of downtime and performance issues.
The AOS-CX REST API is a web service that performs operations on switch resources using HTTPS POST,
GET,PUT, and DELETE methods.
A switch resource is indicated by its Uniform Resource Identifier (URI). A URI can be made up of several
components, including the host name or IP address, port number, the path, and an optional query
string. The AOS-CX operating system includes the AOS-CX REST API Reference, which is a web interface
based on the Swagger UI. The AOS-CX REST API Reference provides the reference documentation for the
REST API, including resources URIs, models, methods, and errors. The AOS-CX REST API Reference shows
most of the supported read and write methods for all switch resources.
About AOS-CX | 17
In-band and out-of-band management
Management communications with a managed switch can be either of the following:
In band
In-band management communications occur through ports on the line modules of the switch, using
common communications protocols such as SSH and SNMP.
When you use an in-band management connection, management traffic from that connection uses
the same network infrastructure as user data. User data uses the data plane, which is responsible
for moving data from source to destination. Management traffic that uses the data plane is more
likely to be affected by traffic congestion and other issues affecting the user network.
Out of band
OOBM (out-of-band management) communications occur through a dedicated serial or USB console
port or though a dedicated networked management port.
OOBM operates on a management plane that is separate from the data plane used by data traffic on
the switch and by in-band management traffic. That separation means that OOBM can continue to
function even during periods of traffic congestion, equipment malfunction, or attacks on the
network. In addition, it can provide improved switch security: a properly configured switch can limit
management access to the management port only, preventing malicious attempts to gain access
through the data ports.
Networked OOBM typically occurs on a management network that connects multiple switches. It has
the added advantage that it can be done from a central location and does not require an individual
physical cable from the management station to the console port of each switch.
SNMP-based management support
The AOS-CX operating system provides SNMP read access to the switch. SNMP support includes support
of industry-standard MIB (Management Information Base) plus private extensions, including SNMP
events, alarms, history, statistics groups, and a private alarm extension group. SNMP access is disabled
by default.
User accounts
To view or change configuration settings on the switch, users must log in with a valid account.
Authentication of user accounts can be performed locally on the switch, or by using the services of an
external TACACS+ or RADIUS server.
Two types of user accounts are supported:
nOperators: Operators can view configuration settings, but cannot change them. No operator
accounts are created by default.
nAdministrators: Administrators can view and change configuration settings. A default locally stored
administrator account is created with username set to admin and no password. You set the
administrator account password as part of the initial configuration procedure for the switch.
Chapter 3
Initial Configuration
Initial Configuration
Perform the initial configuration of a factory default switch using one of the following methods:
nLoad a switch configuration using zero-touch provisioning (ZTP). When ZTP is used, the configuration
is loaded from a server automatically when the switch booted from the factory default configuration.
nConnect to the switch wirelessly with a mobile device through Bluetooth, and use the Aruba CX
Mobile App to deploy an initial configuration from a provided template. The template you choose
during the deployment process determines how the management interface is configured. Optionally,
as the final deployment step, you can select to import the switch into NetEdit through a WiFI
connection to the NetEdit server.
Alternatively, you can use the Aruba CX Mobile App to manually configure switch settings and features
for a subset of the features you can configure using the CLI. You can also access the CLI through the
mobile application.
nConnect the management port on the switch to your network, and then use SSH client software to
reach the switch from a computer connected to the same network. This requires that a DHCP server
is installed on the network. Configure switch settings and features by executing CLI commands.
nConnect a computer running terminal emulation software to the console port on the switch.
Configure switch settings and features by executing CLI commands.
Initial configuration using ZTP
Zero Touch Provisioning (ZTP) configures a switch automatically from a remote server.
Prerequisites
nThe switch must be in the factory default configuration.
Do not change the configuration of the switch from its factory default configuration in any way, including
by setting the administrator password.
nYour network administrator or installation site coordinator must provide a Category 6 (Cat6) cable
connected to the network that provides access to the servers used for Zero Touch Provisioning (ZTP)
operations.
Procedure
1. Connect the network cable to the out-of-band management port on the switch.
See the Installation Guide for switch to determine the location of the switch ports.
2. If the switch is powered on, power off the switch.
3. Power on the switch. During the ZTP operation, the switch might reboot if a new firmware image
is being installed. ZTP goes to "Failed" state if the switch receives DHCP IP for vlan1 and does not
receive any ZTP options within 60 seconds.
Initial configuration using the Aruba CX mobile app
AOS-CX 10.13 Fundamentals Guide 18
Initial Configuration | 19
This procedure describes how to use your mobile device to connect to the Bluetooth interface of the
switch to connect to the switch for the first time so that you can configure basic operational settings
using the Aruba CX mobile app.
Prerequisites
nYou have obtained the USB Bluetooth adapter that was shipped with the switch. Information about
the make and model of the supported adapter is included in the information about the Aruba CX
mobile app in the Apple Store or Google Play.
nThe Aruba CX mobile app must be installed on your mobile device.
nBluetooth must be enabled on your mobile device.
nYour mobile device must be within the communication range of the Bluetooth adapter.
nIf you are planning to import the switch into NetEdit, your mobile device must be able to use a Wi-Fi
connection—not Bluetooth—to access the NetEdit server.
If your mobile device does not support simultaneous Bluetooth and Wi-Fi connections, you must use
the NetEdit interface to import the switch at a later time. You can use the Devices tab to display the IP
address of the switches you configured using your mobile device.
nThe switch must be installed and powered on, with the network operating system boot sequence
complete.
For information about installing and powering on the switch, see the Installation Guide for the switch.
Because you are using this mobile application to configure the switch through the Bluetooth interface, it
is not necessary to connect a console to the switch.
nBluetooth and USB must be enabled on the switch. On switches shipped from the factory, Bluetooth
and USB are enabled by default.
Procedure
1. Install the USB Bluetooth adapter in the USB port of the switch.
For switches that have multiple management modules, you must install the USB Bluetooth
adapter in the USB port of the active management module. Typically, the active management
module is the module in slot5.
Switches shipped from the factory have both USB and Bluetooth enabled by default.
For information about the location of the USB port on the switch, see the Installation Guide for the
switch.
2. Use the Bluetooth settings on your mobile device to pair and connect the switch to your mobile
device.
If you are in range of multiple Bluetooth devices, more than one device is displayed on the list of
available devices. Switches running the AOS-CX operating system are displayed in the following
format:
Switch_model -Serial_number
For example: 8325-987654X1234567 or 8320-AB12CDE123
A switch supports one active Bluetooth connection at a time.
On some Android devices, you might need to change the settings of the paired device to specify
that it be used for Internet access.
3. Open the Aruba CX mobile app on your mobile device.
;" />
AOS-CX 10.13 Fundamentals Guide | (8100, 83xx, 9300, 10000 Switch Series) 20
The application attempts to connect to the switch using the switch Bluetooth IP address and
the default switch login credentials. The Home screen of the application shows the status of
the connection to the switch:
nIf the login attempt was successful, the Bluetooth icon is displayed and the status message
shows the Bluetooth IP address of the switch. In addition, the connection graphic is green. You
can continue to the next step.
nIf the login attempt was not successful, but a response was received, the Bluetooth icon is
displayed, but the status message is: Login Required. You can continue to the next step.
When you tap one of the tiles, you will be prompted for login credentials.
nIf the login attempt did not receive a response, the Bluetooth icon is not displayed, and the
status message is: No Connection.
4. Create the initial switch configuration:
nYou can deploy an initial configuration to the switch. Through this process, you supply the
information required by a configuration template that you choose from a list of templates
provided by the application. Then you deploy the configuration to the switch and, optionally,
import the switch into NetEdit.
When you deploy a switch configuration, it becomes the running configuration, replacing the
entire existing configuration of the switch. All changes previously made to the factory default
configuration are overwritten.
If you plan to both deploy a switch configuration and customize the configuration of switch
features, deploy the initial configuration first.
To deploy an initial switch configuration, tap: Initial Config and follow the instructions in the
application.
nAlternatively, you can complete the initial configuration of the switch by tapping Modify
Config and then selecting the features and settings to configure.
nYou can also use the Modify Config feature to configure some switch features after the initial
configuration is complete. For more information about what you can configure using the
Aruba CX mobile app, see the online help for the application.
Troubleshooting Bluetooth connections
Bluetooth connection IP addresses
The Bluetooth connection uses IP addresses in the 192.168.99.0/24 subnet.
Switch
192.168.99.1
Mobile device
192.168.99.10
Bluetooth is connected but the switch is not reachable
Symptom
The mobile device settings indicate that the device is connected to the switch through Bluetooth.
However, the mobile application indicates that the switch is not reachable.
Solution 1
/